{"id":"MAL-2023-8053","summary":"Malicious code in repsol-uikit (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: ossf-package-analysis (0ded61aa0f6be46c0b02bb6eb5deb82d4dd4830e41a76cdf52d9d21576c50c57)\nThe OpenSSF Package Analysis project identified 'repsol-uikit' @ 9.999.0 (npm) as malicious.\n\nIt is considered malicious because:\n\n- The package executes one or more commands associated with malicious behavior.\n","aliases":["SNYK-JS-REPSOLUIKIT-5666427"],"modified":"2024-06-28T03:14:39.675536Z","published":"2023-08-31T22:36:47Z","database_specific":{"malicious-packages-origins":[{"modified_time":"2023-08-31T22:36:47Z","versions":["9.999.0"],"source":"ossf-package-analysis","sha256":"0ded61aa0f6be46c0b02bb6eb5deb82d4dd4830e41a76cdf52d9d21576c50c57","import_time":"2023-09-05T06:05:39.933270183Z"},{"modified_time":"2024-06-25T12:58:38Z","versions":["1.1.2","1.1.1"],"source":"reversing-labs","import_time":"2024-06-28T02:44:37.052964048Z","sha256":"d5ba44026942da8278f765ab045f43ebdeccb9ca4f662822c3d57ac0dd20e8c2","id":"RLMA-2024-01684"}]},"references":[{"type":"ADVISORY","url":"https://security.snyk.io/vuln/SNYK-JS-REPSOLUIKIT-5666427"}],"affected":[{"package":{"name":"repsol-uikit","ecosystem":"npm","purl":"pkg:npm/repsol-uikit"},"versions":["9.999.0","1.1.2","1.1.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/repsol-uikit/MAL-2023-8053.json"}}],"schema_version":"1.7.3","credits":[{"name":"OpenSSF: Package Analysis","contact":["https://github.com/ossf/package-analysis","https://openssf.slack.com/channels/package_analysis"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}